Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32125
HistoryMay 17, 2015 - 12:00 a.m.

Server buffer overflow in Pure Faction <= 3.0c

2015-05-1700:00:00
vulners.com
13
JSON

Application: Pure Faction
http://www.purefaction.org
Versions: <= 3.0c
Platforms: Windows
Bug: server buffer overflow
Risk: highly critical
Exploitation: remote and automatic (requires attacker to have joined server)
Date: 13 Mar 2015
Author: soulsgetnothing
e-mail: soulsgetnothing (at) hotmail (dot) com [email concealed]
web: none

Pure Faction is an unofficial third-party patch for Red Faction, an FPS game developed by Volition. (http://www.volition-inc.com)

After a client joins a server, a null-terminated text string can be sent with in-game chat, however when the text is bigger than 519 bytes, the return address is overwritten via stack overflow. Clients are not affected.

The instruction that does this is in 3.0c is: .text:10013A18 rep movsd

The attacker will have full control over any server that he can join.

No fix.
Developers have been contacted, though they do not seem concerned with making a fix.

JSON